Meraki - Find the Network and AP/SSID a client is connected to given the IP address

ds2020
Here to help


Hi everyone, I'm facing a problem that I hope someone here can help me solve or point me to a workaround for finding the information within the Meraki portal. To begin, my question is simple as stated above.

 

If I have an IP address of 10.10.15.4 for example, what is the easiest most simple way to find out under which Network that IP belongs and which AP/SSID the IP was connected to?

 

The reason for this is we have these alerts generated from our SIEM and we have rules in our SIEM that would tag a device as a non-corporate device if it satisfies certain criteria. So when something like that comes up we need to dig in and identify the device so we can identify the user and follow up etc.

 

In Meraki we have about 100+ Networks defined and each with different numbers of APs (1 network has 40+ APs) with about 3-4 SSIDs so I'm having a very hard time trying to figure out where I should begin my investigation. Is there anything out there that can help with this? Maybe something like a master list/report that shows all clients and IP addresses along with their networks and APs as a table or something?

 

Thank you in advance!

Cain
Here to help

The Meraki API is your friend. You could very easily dump all clients to a CSV file and use grep (or Ctrl-F in Excel) to find the offending IP address. Lots of information is available to you with regards to the association to AP/SSID and networks etc.

BrechtSchamp
Kind of a big deal

How does your SIEM get its information? Are you using NAT mode on the access points (I'm asking because the IP address you gave is in the 10.0.0.0/8 range)?

ds2020
Here to help

Hi BrechtSchamp,

SIEM gets the information from network traffic, we are monitoring network activity and not sending syslogs yet, although I am in the process of sending the syslogs to Sumologic for better analysis. Currently looking at the Meraki dashboard settings, Wireless > Configure > SSIDs > Client IP Assignment is set to Meraki DHCP (NAT Mode: Use Meraki DHCP).

ds2020
Here to help

Hi Cain, can you provide information on how to do this? I'm not very familiar with the APIs but I do have people on my team that can do something if we can provide some instructions.

Cain
Here to help

Hey mate,

 

All you (your team) need is something that has Internet access and Python 3 installed. You need to install the Meraki Python library (make sure to install version 0.x.x: pip3 install meraki==0.x.x). One of their example files is called org_wide_clients_v0.py

 

Have a look at their GitHub page: https://github.com/meraki/dashboard-api-python. You can modify this script to output just what you need.
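
The lookup suggested in this reply, as an added example that is not part of the original post and is not Meraki's code: once the clients are dumped to CSV, an exact match on the IP combined with the SIEM alert time narrows the result, because the same private address can show up in more than one network. The column names, the merged network column and the sample rows are constructed assumptions; adjust them to whatever your dump actually contains.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a merged client dump (one row per client per network).
# Column names are assumptions, not a guaranteed export format.
SAMPLE_DUMP = """network,description,mac,ip,ssid,recentDeviceName,firstSeen,lastSeen
Branch-A,laptop-01,aa:bb:cc:00:00:01,10.10.15.4,Corp,AP-A-03,2020-03-01T08:00:00Z,2020-03-02T17:30:00Z
Branch-B,phone-77,aa:bb:cc:00:00:02,10.10.15.4,Guest,AP-B-11,2020-03-02T09:00:00Z,2020-03-02T09:45:00Z
Branch-B,tablet-12,aa:bb:cc:00:00:03,10.10.15.40,Guest,AP-B-11,2020-03-02T09:00:00Z,2020-03-02T12:00:00Z
HQ,printer-02,aa:bb:cc:00:00:04,10.10.15.4,,,2020-02-01T00:00:00Z,2020-02-10T00:00:00Z
"""

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2020-03-02T09:30:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def find_client(dump_file, ip, alert_time, slack_minutes=15):
    """Return rows for `ip` whose firstSeen..lastSeen window covers alert_time."""
    when = parse_ts(alert_time)
    slack = timedelta(minutes=slack_minutes)
    hits = []
    for row in csv.DictReader(dump_file):
        # Exact comparison: a plain grep for 10.10.15.4 would also hit 10.10.15.40.
        if row["ip"].strip() != ip:
            continue
        first, last = parse_ts(row["firstSeen"]), parse_ts(row["lastSeen"])
        if first - slack <= when <= last + slack:
            hits.append({
                "network": row["network"],
                "ap": row["recentDeviceName"] or "(wired or unknown)",
                "ssid": row["ssid"] or "(none)",
                "mac": row["mac"],
                "description": row["description"],
            })
    return hits

if __name__ == "__main__":
    alert = "2020-03-02T09:30:00Z"  # constructed alert timestamp
    for hit in find_client(io.StringIO(SAMPLE_DUMP), "10.10.15.4", alert):
        print(hit)
```

More than one hit for the same IP and time means the address space overlaps between networks, so the MAC address or the sensor location from the SIEM alert is needed to pick the right one.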

 
